That works!
Thanks Noriko - much appreciated!
On Fri, Oct 23, 2015 at 4:25 PM, Noriko Hosoi <nhosoi(a)redhat.com> wrote:
On 10/23/2015 04:12 PM, Joel Levin wrote:
Hi All:
I inserted the first ACI with an IP Address restriction: tested from all
angles but seems to fail when the IP address restricted added.
ACI template:
(targetattr = "foobar") (version 3.0;acl "redcap-svc REDCap SA Read
Only";allow (read,compare,search)(userdn = "ldap:///example") and
(dns="123.123.123.123");)
What happens if you use "ip" instead of "dns" as in this example?
https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/10...
13.9.6.1. ACI "HostedCompany1"
In LDIF, to grant HostedCompany1 full access to their own branch of the
directory under the requisite conditions, write the following statement:
aci:(target="ou=HostedCompany1,ou=corporate-clients,dc=example,dc=com")
(targetattr= "*") (version 3.0; acl "HostedCompany1";allow
(all)
(roledn="ldap:///cn=DirectoryAdmin,ou=HostedCompany1,
ou=corporate-clients,dc=example,dc=com") and
(authmethod="ssl") and (dayofweek="Mon,Tues,Wed,Thu") and
(timeofday >= "0800" and
timeofday <= "1800") and (ip="255.255.123.234"); )
Is there an additional configuration to set for IP address restriction to
take hold in 389 DS?
Thanks.
--
389 users mailing
list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users